Added password protection of website statistics.

tbrehm · tbrehm · commit eed36bdd8620 · 2009-03-15T11:52:16.000Z
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
@@ -982,6 +982,7 @@ CREATE TABLE `web_domain` (
   `ssl_cert` mediumtext NULL,
   `ssl_bundle` mediumtext NULL,
   `ssl_action` varchar(16) NULL,
+  `stats_password` varchar(255) default NULL,
   `apache_directives` text,
   `active` enum('n','y') NOT NULL default 'y',
   PRIMARY KEY  (`domain_id`)
diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php
@@ -322,6 +322,31 @@
 	)
 );
 
+//* Statistics
+$form["tabs"]['stats'] = array (
+	'title' 	=> "Stats",
+	'width' 	=> 100,
+	'template' 	=> "templates/web_domain_stats.htm",
+	'readonly'	=> false,
+	'fields' 	=> array (
+	##################################
+	# Begin Datatable fields
+	##################################
+		'stats_password' => array (
+			'datatype'	=> 'VARCHAR',
+			'formtype'	=> 'PASSWORD',
+			'encryption' => 'CRYPT',
+			'default'	=> '',
+			'value'		=> '',
+			'width'		=> '30',
+			'maxlength'	=> '255'
+		),
+	##################################
+	# ENDE Datatable fields
+	##################################
+	)
+);
+
 if($_SESSION["s"]["user"]["typ"] == 'admin') {
 
 $form["tabs"]['advanced'] = array (
diff --git a/interface/web/sites/lib/lang/en.lng b/interface/web/sites/lib/lang/en.lng
@@ -2,7 +2,7 @@
 $wb['Database'] = 'Database';
 $wb['Options'] = 'Options';
 $wb['Shell User'] = 'Shell User';
-$wb['Domain'] = 'Domain';
+$wb['Domain'] = 'Website';
 $wb['Redirect'] = 'Redirect';
 $wb['SSL'] = 'SSL';
 $wb['Subdomain'] = 'Subdomain';
@@ -13,4 +13,5 @@ $wb['FTP'] = 'FTP';
 $wb['Shell-User'] = 'Shell-User';
 $wb['Shell'] = 'Shell';
 $wb['Websites'] = 'Websites';
+$wb["Stats"] = 'Statistics';
 ?>
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -45,4 +45,6 @@ $wb['error_ssl_organisation_empty'] = 'SSL Organisation is empty.';
 $wb['error_ssl_organisation_unit_empty'] = 'SSL Organisation Unit is empty.';
 $wb['error_ssl_country_empty'] = 'SSL Country is empty.';
 $wb["client_group_id_txt"] = 'Client';
+$wb["stats_password_txt"] = 'Webstatistics password';
+
 ?>
diff --git a/interface/web/sites/templates/web_domain_stats.htm b/interface/web/sites/templates/web_domain_stats.htm
@@ -0,0 +1,22 @@
+<h2><tmpl_var name="list_head_txt"></h2>
+<p><tmpl_var name="list_desc_txt"></p>
+
+<div class="panel panel_web_domain">
+
+  <div class="pnl_formsarea">
+    <fieldset class="inlineLabels">
+      <div class="ctrlHolder">
+      	<label for="redirect_path">{tmpl_var name='stats_password_txt'}</label>
+        <input name="stats_password" id="stats_password" value="{tmpl_var name='stats_password'}" size="30" maxlength="255" type="text" class="textInput" />
+	  </div>
+    </fieldset>
+
+    <input type="hidden" name="id" value="{tmpl_var name='id'}">
+
+    <div class="buttonHolder buttons">
+      <button class="positive iconstxt icoPositive" type="button" value="{tmpl_var name='btn_save_txt'}" onClick="submitForm('pageForm','sites/web_domain_edit.php');"><span>{tmpl_var name='btn_save_txt'}</span></button>
+      <button class="negative iconstxt icoNegative" type="button" value="{tmpl_var name='btn_cancel_txt'}" onClick="loadContent('sites/web_domain_list.php');"><span>{tmpl_var name='btn_cancel_txt'}</span></button>
+    </div>
+  </div>
+  
+</div>
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
@@ -670,6 +670,25 @@ function update($event_name,$data) {
 			$app->log("Removing File $vhost_file",LOGLEVEL_DEBUG);
 		}
 		
+		//* Create .htaccess and .htpasswd file for website statistics
+		if(!is_file($data["new"]["document_root"].'/web/stats/.htaccess') {
+			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data["new"]["document_root"]."/.htpasswd_stats\n<limit GET PUT POST>\nrequire valid-user\n</limit>";
+			file_put_contents($data["new"]["document_root"].'/web/stats/.htaccess',$ht_file);
+			chmod($data["new"]["document_root"].'/web/stats/.htaccess',0664);
+			unset($ht_file);
+		}
+		
+		if(!is_file($data["new"]["document_root"].'/.htpasswd_stats') || $data["new"]["stats_password"] != $data["old"]["stats_password"]) {
+			if(trim($data["new"]["stats_password"]) != '') {
+				$htp_file = 'admin:'.trim($data["new"]["stats_password"]);
+				file_put_contents($data["new"]["document_root"].'/.htpasswd_stats',$htp_file);
+				chmod($data["new"]["document_root"].'/.htpasswd_stats',0664);
+				unset($htp_file);
+			}
+		}
+		
+		
+		
 		// request a httpd reload when all records have been processed
 		$app->services->restartServiceDelayed('httpd','reload');
 		
